Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Symantec Threat Bulletin - 28 October 2009

Symantec Security Response has observed that spammers are attempting to use Facebook’s popularity to spread Trojan.Bredolab
  • 28 October, 2009 16:46

<p>28 October 2009 - Spammers are once again turning their efforts to trusted social networking sites to lure in unsuspecting victims, and this time it’s Facebook. Symantec Security Response has observed that spammers are attempting to use Facebook’s popularity to spread Trojan.Bredolab, a threat that has been consistently and widely distributed this year. This trojan is capable of downloading password stealers, bots, rootkits, backdoors and misleading applications.</p>
<p>Spammers are misleading users by sending a false Facebook notification email about their password. The notification advises users that their passwords have been changed due to safety measures taken to protect Facebook users. The notification claims that a new password is provided in an attachment to the message. However, in reality the attachment holds a .zip file that contains Trojan.Bredolab.</p>
<p>Symantec advises consumers to:</p>
<p>Be careful what you click on. Exercise caution when clicking on links from unknown senders</p>
<p>Remember never to respond to spam. A response will let the spammer know he has reached an active email address, and this just leads to even more spam. Likewise, clicking on links within a spam email that promises to remove you from the sender's mailing list will again reaffirm the email address is active for the spammer. Delete suspicious email without reading it.</p>
<p>Get multiple email addresses for multiple purposes. Have one email address specifically for personal use, known only to family, friends and colleagues. Another email address could be used for mailing lists and newsletters, and still another for online inquires and orders.</p>
<p>Watch where you post your email address. To avoid being caught by bots collecting email addresses, don’t post your full email address on any publicly accessible Web page.</p>
<p>Deploy protection: Ensure you are using an up-to-date security solution that protects against spam and viruses whilst still allowing legitimate email through. Use security software, such as Norton Internet Security 2010. Check out web safety services such as Norton Safe Web where a community of web users collaborate to report dangerous phishing and malware sites.</p>
<p>Please let us know if you have any questions or would like to speak with a Symantec expert.</p>
<p>Press Contact:</p>
<p>Jasmin Athwal</p>
<p>Max Australia</p>
<p>+61 2 9954 3492</p>

Most Popular

Editor's Recommendations

Solution Centres


View all events Submit your own security event

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Media Release

More media release

Market Place